Update the weight_config dict and modify it to use domain names.

ziadhany · ziadhany · commit a121f4443809 · 2024-11-06T20:37:00.000+02:00
Signed-off-by: ziad hany &lt;ziadhany2016@gmail.com&gt;
diff --git a/vulnerabilities/risk.py b/vulnerabilities/risk.py
@@ -1,4 +1,5 @@
 from pathlib import Path
+from urllib.parse import urlparse
 
 from vulnerabilities.models import AffectedByPackageRelatedVulnerability
 from vulnerabilities.models import Exploit
@@ -8,7 +9,7 @@
 from vulnerabilities.severity_systems import EPSS
 from vulnerabilities.utils import load_json
 
-DEFAULT_WEIGHT = 1
+DEFAULT_WEIGHT = 5
 WEIGHT_CONFIG_PATH = Path(__file__).parent.parent / "weight_config.json"
 WEIGHT_CONFIG = load_json(WEIGHT_CONFIG_PATH)
 
@@ -32,17 +33,10 @@ def get_weighted_severity(severities):
 
     score_list = []
     for severity in severities:
-        weights = []
-        for key, value in WEIGHT_CONFIG.items():
-            if severity.reference.url.startswith(key):
-                weights.append(value)
-                continue
-            weights.append(DEFAULT_WEIGHT)
-
-        if not weights:
-            return 0
-
-        max_weight = float(max(weights)) / 10
+        parsed_url = urlparse(severity.reference.url)
+        severity_source = parsed_url.netloc.replace("www.", "", 1)
+        weight = WEIGHT_CONFIG.get(severity_source, DEFAULT_WEIGHT)
+        max_weight = float(weight) / 10
         vul_score = severity.value
         try:
             vul_score = float(vul_score)
diff --git a/vulnerabilities/tests/test_risk.py b/vulnerabilities/tests/test_risk.py
@@ -156,7 +156,7 @@ def test_get_weighted_severity(vulnerability):
 
     VulnerabilityRelatedReference.objects.create(reference=reference2, vulnerability=vulnerability)
     new_severities = vulnerability.severities.all()
-    assert get_weighted_severity(new_severities) == 9
+    assert get_weighted_severity(new_severities) == 7
 
 
 @pytest.mark.django_db
diff --git a/weight_config.json b/weight_config.json
